Friday, October 4, 2024
HomeCyber Security NewsHonda Data Leak - 134 Million Documents Related to Internal Network and...

Honda Data Leak – 134 Million Documents Related to Internal Network and Computers Leaked

Published on

An unsecured ElasticSearch database belongs to largets automobile manufacturer exposed online. The exposed documents include internal network and computers data of Honda Motor Company.

Security researcher Justin Paine uncovered the leaked database, the ElasticSearch database contains 134M that worth around 40GB of data. It appears the database publically available for more than a week.

The unprotected database contains sensitive information such as “hostname, MAC address, internal IP, operating system version, which patches had been applied, hostnames and the status of Honda’s endpoint security software.”

- Advertisement - EHA

Exposed data

The databases contain dealership information and the data related to Honda’s global network of employee machines. It exposes the names of endpoint security vendor networks that protect Honda’s machines and the high-level employee’s data such as CEO, CFO, CSO, etc.

By having the unique data attackers can launch targeted attacks and can exploit the vulnerability to get access over the network and to penetrate further.

A table in name “ad_com_all” exposes the OS versions, hostnames and has over 300,000 data points, another table spotted has employee name, department, last login, employee number and account names.

Paine also identified several tables that include the employee email, department, machine IP address, MAC address, hostname, operating system, machine type, endpoint security state, printer name, internal I Pand which Windows KB/patches.

Also, the leaks include the “CEO’s full email, full name, department, MAC address, which Windows KB/patches had been applied, OS, OS version, endpoint security status, IP, and device type.”

Paine reached out to Honda’s security team on July 6th and the ElasticSearch database was secured, here is the statement from Honda.

“Thank you very much for pointing out the vulnerability. The security issue you identified could have potentially allowed outside parties to access some of Honda’s cloud-based data that consisted of information related to our employees and their computers. We investigated the system’s access logs and found no signs of data download by any third parties. At this moment, there is no evidence that data was leaked, excluding the screenshots taken by you. We will take appropriate actions by relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...